Theme briefing

Key trends impacting cybersecurity

Credit: Bert van Dijk/Getty images.

Powered by

In today's fast-paced digital world, staying ahead of cybersecurity threats is critical for businesses. Here we summarise some of the technology, macroeconomic, and regulatory trends shaping the cybersecurity industry. For a more in-depth analysis of all trends relevant to the cybersecurity landscape, download GlobalData’s latest cybersecurity report.

Technology trends impacting cybersecurity

AI as a threat and a solution 

Artificial intelligence (AI) is revolutionizing cybersecurity, offering significant benefits and challenges. While AI enhances threat detection, hunting, and incident response, it also empowers cybercriminals. Generative AI, for instance, can refine phishing attacks by eliminating typical indicators like poor grammar, making them harder to detect. 

Organizations now face AI-powered cyberattacks that adapt and exploit specific vulnerabilities. Cybercriminals may use large language models (LLMs) trained on malware to craft sophisticated attacks. Key risks include prompt injection, where attackers manipulate AI applications into unauthorized actions, and insecure output handling, allowing malicious instructions if outputs aren't properly validated. 

Despite these threats, AI provides substantial defensive benefits. It enables deeper network insights and faster threat identification. A 2023 IBM report revealed that organizations using AI and automation could identify and contain breaches 108 days quicker than those without these technologies. AI applications in cybersecurity include biometric authentication, threat detection, and incident response. For example, CrowdStrike's Falcon uses AI to detect anomalies like unusual traffic patterns and unauthorized data access. 

The AI-driven security landscape is transforming cybersecurity roles. A February 2024 survey by the International Information System Security Certification Consortium (ISC2) found that 88% of professionals expect AI to impact their jobs significantly. However, 82% foresee increased efficiency, and 56% believe AI will handle routine tasks, allowing them to focus on higher-value activities. 

Ransomware attacks are on the rise 

The evolving ransomware threat continues to challenge businesses globally with its increasing sophistication and frequency. 2023 was notable for relentless cyberattacks. Some criminals started copying and stealing data, demanding ransom for not publicizing it, and selling it on the dark web.  

Check Point reports that one in every 10 organizations worldwide faced attempted ransomware attacks in 2023, a 33% increase from 2022. Organizations globally experienced over 60,000 attacks on average, equating to 1,158 attacks per organization per week. High-profile victims included MGM Resorts, Boeing, and the UK’s Royal Mail. 

Ransomware payments in 2023 surpassed $1 billion, marking a record high, excluding the economic impact of productivity loss and repair costs. The ransomware industry attracted numerous new players, with Recorded Future identifying 538 new ransomware variants in 2023. The trend of "big game hunting" became dominant, focusing on fewer attacks but demanding larger ransoms, with payments increasingly involving sums of $1 million or more. 

Leading anti-ransomware companies include Gen Digital (Avast and Norton), Bitdefender, Check Point Software, CrowdStrike, Illumio, and Sophos. 

Supply chain attacks 

Cyberattacks targeting software supply chains are increasingly prevalent and highly disruptive. These attacks can cripple an entire supply chain, causing massive business interruptions.  

According to IBM’s 2023 Cost of a Data Breach report, it takes an average of 233 days to identify and 74 days to contain such breaches, totaling 307 days. This is 37 days longer than other types of data breaches. In 2023, 15% of organizations reported supply chain compromises as the source of data breaches. 

Supply chain attacks gained prominence in 2020 with the SolarWinds hack, where Russian hackers inserted malicious code into the company's software, affecting thousands of organizations, including the US government.  

The UK government's Cyber Security Breaches Survey 2023 indicates that most large businesses now review their supply chain risks, with 55% of large businesses assessing immediate supplier risks, up from 44% in 2022. 

A significant 2023 attack involved MOVEit, a managed file transfer software. Exploiting SQL injection vulnerabilities, attackers manipulated data, disclosed sensitive information, gained administrative privileges, exfiltrated files, and deployed ransomware. This attack impacted organizations such as the BBC, Zellis, and Norton, underscoring the critical need for robust supply chain security measures. 

Cloud-based security 

The COVID-19 pandemic accelerated cloud adoption as companies transitioned to remote work, increasing their exposure to cyber threats. Misconfigured security settings in cloud environments have become a significant issue, making it easier for attackers to steal data.  

A 2023 Thales study highlights that businesses face numerous challenges due to a cloud-first, multicloud approach, with 79% of respondents using more than one cloud provider. Each additional provider introduces new security controls and data protection models, complicating the security landscape.  

The survey found that 38% of respondents identified software as a service (SaaS) applications as the primary target for cyberattacks, followed by cloud storage at 36%. Nearly half (46%) reported experiencing a data breach in their cloud environments, underscoring the risk associated with cloud data exposure. As cyber threats evolve, organizations must enhance their security measures to protect cloud-based resources. 

Leading players in cloud security include Amazon, Broadcom, CrowdStrike, Microsoft, Alphabet, Netskope, Palo Alto Networks, and Zscaler.  

Chip-based security 

The evolution of chip-based security is becoming essential as more chips are integrated into mission-critical servers and safety-critical applications. The increasing trend of systems vendors and original equipment manufacturers (OEMs) designing their own chips has shifted the focus of security requirements to a more internalized concern.  

The 2017 discovery of high-profile security vulnerabilities like Meltdown and Spectre forced chip vendors to patch security holes with software, resulting in reduced performance improvements for upgraded servers. Consequently, vendors began developing custom chip architectures to achieve better performance and power gains while maintaining control over chip security. 

The economic landscape of hardware attacks has changed, making hacking tools accessible to ordinary criminals. As computing becomes more pervasive and connected, the attack surface expands, increasing the likelihood of hardware attacks. The OpenTitan coalition's February 2024 announcement of the first commercial silicon chip with open-source built-in hardware security exemplifies this trend. OpenTitan provides an on-chip source of cryptographic keys that are inaccessible remotely, ensuring tamper-free security infrastructure. 

Macroeconomic trends impacting cybersecurity

The Ukraine conflict 
​​​​​​​

Since the annexation of Crimea in 2014, Russia has employed cyberattack tactics against Ukraine, with notable incidents like the 2015 attack on the Ukrainian power grid and the 2017 NotPetya ransomware attack. The full-scale Russian invasion of Ukraine in February 2022 escalated the frequency of cyberattacks on Ukraine, with Russian-affiliated groups targeting critical infrastructure and communication systems. High-impact attacks, such as the December 2023 assault on Kyivstar, Ukraine's largest mobile network operator, highlight the severe disruptions caused by cyber warfare. 

State-sponsored attacks 

The frequency of state-sponsored cyberattacks is expected to rise in 2024, driven by numerous national elections worldwide. These events often catalyze targeted cyberattacks aimed at disrupting electoral campaigns or the voting process. The US and UK are among the countries facing significant cyber threats during their elections. Previous instances, such as the unsuccessful cyberattacks during Estonia's 2023 parliamentary elections and the disruptions during the US midterm elections in 2022, underscore the growing threat of state-sponsored cyber activities. 

Cybersecurity skills shortages

The global cybersecurity workforce gap reached a record four million people in 2023, despite a 9% increase in the workforce to 5.5 million. The demand for cybersecurity talent continues to outpace supply, driven by the increasing complexity of technology and the relentless task of securing systems, networks, and data against cyberattacks. The rise of AI-based attacks further exacerbates the need for skilled cybersecurity professionals. 

Regulatory trends impacting cybersecurity

Ransomware regulations 

Ransomware attacks pose a significant threat to businesses, often resulting in substantial financial losses. Involving law enforcement in ransomware incidents can reduce the total cost of breaches. According to IBM's 2023 report, organizations that involved law enforcement experienced lower breach costs compared to those that did not. Although paying a ransom is not illegal in many jurisdictions, organizations are advised against it due to the minimal cost savings and potential legal consequences if payments are made to sanctioned entities. 

EU cybersecurity legislation 

The EU's NIS2 directive, adopted in November 2022, sets stricter cybersecurity obligations for member states, including risk management, reporting, and information sharing. EU countries have until October 2024 to transpose the directive into national law. The directive aims to harmonize cybersecurity measures across the EU, enhance cooperation, and establish a European vulnerability database. Additionally, the European Commission plans to adopt regulations for a European cybersecurity certification scheme (ECCS) in 2024, covering a wide range of IT products and setting high standards for security components. 

GlobalData, the leading provider of industry intelligence, provided the underlying data, research, and analysis used to produce this article. 

GlobalData’s Thematic Intelligence uses proprietary data, research, and analysis to provide a forward-looking perspective on the key themes that will shape the future of the world’s largest industries and the organisations within them. 

09/12/2024 10:09:07
  • Home | Cybersecurity in the age of AI
  • Contents
  • Briefing
  • Foreword: Cybersecurity in the age of AI
  • Navigating the AI-driven cybersecurity landscape
  • Key trends impacting cybersecurity
  • Timeline: a history of cybersecurity
  • Explainer: The most common types of cyberattacks
  • AI attacks now ‘the main cybersecurity concern’ for businesses across sectors
  • The state of cybersecurity: AI and geopolitics mean a bigger threat than ever
  • Companies’ own AI applications are ‘a huge cybersecurity problem’
  • Regulators must protect the cybersecurity market from a private equity takeover
  • Healthcare
  • The impact of cybersecurity on healthcare
  • Case studies: cybersecurity in healthcare
  • Leading cybersecurity adopters and providers in healthcare
  • How healthcare cybercrime is predicted to escalate
  • Healthcare cybersecurity risk ‘higher than ever’ due to pandemic
  • Industry takes: Keeping healthcare businesses cybersecure
  • Rubrik’s Richard Cassidy on cyberattacks and resilience in healthcare organisations
  • Cyberattacks on healthcare: Russia’s tool for mass disruption
  • Traceability technologies tighten supply chain fakery
  • Could brain-computer interfaces be hacked?
  • Deal activity related to cybersecurity in the pharma industry since 2021 
  • Deal activity related to cybersecurity in the medical industry since 2021 
  • Energy
  • The impact of cybersecurity on the energy sector
  • Case studies: cybersecurity in energy
  • Leading cybersecurity adopters and providers in power
  • Cyberattacks on critical energy infrastructure ‘have increased dramatically’
  • Report: Nuclear industry faces acute cybersecurity threats
  • The energy transition means increased attack surfaces for hackers
  • Deal activity related to cybersecurity in the power industry since 2021 
  • Cyber threat to oil and gas driven by geopolitics, extortion
  • How has cybersecurity changed since the Aramco hacks?
  • Deal activity related to cybersecurity in the oil and gas industry since 2021 
  • Mining
  • The impact of cybersecurity on mining
  • Case studies: cybersecurity in mining
  • Leading cybersecurity adopters and vendors in mining
  • Proactive approach to cybersecurity key for mines
  • ‘Operational disruption’ the main cybersecurity threat in mining
  • Why the mining sector should prioritise investment in cybersecurity
  • Will the Northern Sea Route become commercially viable in the near future?
  • Deal activity related to cybersecurity in the mining industry since 2021
  • Defence
  • The impact of cybersecurity on defence
  • Case studies: cybersecurity in defence
  • Leading cybersecurity adopters and providers in defence
  • Latest news: Ukraine war dominant in cyber operations
  • Sweden’s Nato accession: a cyberattack-filled saga
  • Germany recalls ambassador to Russia over cyberattacks
  • Why have cyberattacks in Poland spiked since Donald Tusk’s election?
  • How did China hack the UK Ministry of Defence?
  • Will IoT in defence continue to grow amid cybersecurity concerns?
  • AI Innovations wants to use semi-autonomous drones to save lives in Ukraine
  • Deal activity related to cybersecurity in the aerospace & defence industry since 2021 
  • Consumer Goods
  • The impact of cybersecurity on the consumer goods sector
  • Case studies: cybersecurity in the consumer sector
  • Leading cybersecurity adopters and providers in consumer goods
  • Latest news: Cybersecurity in packaging
  • Cybersecurity rising concern for packaging firms as digitalisation raises threat
  • Packaging companies must protect production lines from cyberattacks –analyst
  • Cybersecurity boost: Packaging learns from recent IT outages
  • Deal activity related to cybersecurity in the packaging industry since 2021 
  • Latest news: Cybersecurity in drinks 
  • Drinks industry faces cybersecurity challenges from smart manufacturing
  • Brown-Forman chief talks cybersecurity
  • Modern supply chains open up cyber weak spots
  • Banking
  • The impact of cybersecurity in banking and payments
  • Case studies: cybersecurity in banking
  • Leading cybersecurity adopters and providers in banking & payments
  • Latest news: cybersecurity in banking
  • AI needed to tackle AI fraud – cybersecurity expert
  • What are the main cybersecurity trends of 2024?
  • What does the Economic Crime Act mean for foreign investors to the UK?
  • Regulators make crypto more attractive to institutions – NYU professor
  • Finance firms and ex-spies: strange bedfellows in a war-torn world
  • Monzo adds friction to fight fraud—but the features may not be popular with customers
  • Looking to stop payment fraud? Modernise your approach to bank validation
  • Governments must intervene on anti-fraud funding for real-time payments
  • Knowledge sharing puts finance sector among best for cybersecurity
  • Deal activity related to cybersecurity in the retail banking industry since 2021 
  • Sponsorship opportunities
  • GlobalData Thematic Intelligence
  • Next issue
09/12/2024 00:00:00